Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-227960 | GEN007780 | SV-227960r603266_rule | Medium |
Description |
---|
6to4 is an IPv6 transition mechanism that involves tunneling IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis. This is not a preferred transition strategy and increases the attack surface of the system. |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2020-12-04 |
Check Text ( C-30122r490312_chk ) |
---|
# ifconfig -a If a tunnel interface is displayed with an IPv4 tunnel source address, an IPv6 interface address, and no tunnel destination address, this is a finding. |
Fix Text (F-30110r490313_fix) |
---|
Disable the active 6to4 tunnel. # ifconfig Check the /etc/hostname* files for startup configuration for the tunnel, and edit or delete as appropriate to prevent the tunnel creation on startup. |